buildroot/buildroot-2016.08.1/package/wpa_supplicant/0009-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch 2.14 KB
6b13f685e   김민수   Initial BSP addition
  From 73e4abb24a936014727924d8b0b2965edfc117dd Mon Sep 17 00:00:00 2001
  From: Jouni Malinen <jouni@qca.qualcomm.com>
  Date: Fri, 4 Mar 2016 18:46:41 +0200
  Subject: [PATCH] Reject psk parameter set with invalid passphrase character
  
  WPA/WPA2-Personal passphrase is not allowed to include control
  characters. Reject a passphrase configuration attempt if that passphrase
  includes an invalid passphrase.
  
  This fixes an issue where wpa_supplicant could have updated the
  configuration file psk parameter with arbitrary data from the control
  interface or D-Bus interface. While those interfaces are supposed to be
  accessible only for trusted users/applications, it may be possible that
  an untrusted user has access to a management software component that
  does not validate the passphrase value before passing it to
  wpa_supplicant.
  
  This could allow such an untrusted user to inject up to 63 characters of
  almost arbitrary data into the configuration file. Such configuration
  file could result in wpa_supplicant trying to load a library (e.g.,
  opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
  load_dynamic_eap) from user controlled location when starting again.
  This would allow code from that library to be executed under the
  wpa_supplicant process privileges.
  
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
  Signed-off-by: Baruch Siach <baruch@tkos.co.il>
  ---
  Patch status: upstream (73e4abb24a936014727924d8b0b2965edfc117dd)
  
   wpa_supplicant/config.c | 6 ++++++
   1 file changed, 6 insertions(+)
  
  diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
  index b1c7870dafe0..fdd964356afa 100644
  --- a/wpa_supplicant/config.c
  +++ b/wpa_supplicant/config.c
  @@ -478,6 +478,12 @@ static int wpa_config_parse_psk(const struct parse_data *data,
   		}
   		wpa_hexdump_ascii_key(MSG_MSGDUMP, "PSK (ASCII passphrase)",
   				      (u8 *) value, len);
  +		if (has_ctrl_char((u8 *) value, len)) {
  +			wpa_printf(MSG_ERROR,
  +				   "Line %d: Invalid passphrase character",
  +				   line);
  +			return -1;
  +		}
   		if (ssid->passphrase && os_strlen(ssid->passphrase) == len &&
   		    os_memcmp(ssid->passphrase, value, len) == 0) {
   			/* No change to the previously configured value */
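
Review bot: The has_ctrl_char() check is placed after the wpa_hexdump_ascii_key() call, so a value that is about to be rejected is still passed to the MSG_MSGDUMP key dump first; consider moving the check above the hexdump so rejected input never reaches the debug log. The diffstat shows only these six insertions in config.c, so has_ctrl_char() is defined elsewhere and its definition is not visible here; a one-line comment at the call stating which byte values it rejects would help, given that the commit message ties the fix to data being written into the configuration file. The "Line %d" prefix in the error is also less informative when the value arrives through the control interface or D-Bus, as the commit message describes, rather than from a configuration file line.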
  -- 
  2.8.1